The Evolving Threats of Cybersecurity

The last six months has seen the world drastically change, facing a once-in-a-life time pandemic. Our lives rapidly transitioned to almost a completely digital world and, for many, have stayed there ever since. With this dramatic and instantaneous shift to an online society, cybersecurity threats have increased in frequency and evolved in sophistication. And, while many in the industry have been cautioning that these online threats are increasingly impacting the “real,” i.e., physical, world, this month, there is a tragic example of how real this threat is. 

In Germany, a woman died after she was turned away from a hospital because the hospital could not admit her into their systems due to a cyber attack. Hospitals are especially vulnerable to cyber attacks due to the sensitive healthcare information they collect on individuals. Further, by nature of their operations, it is inherently tricky to completely lock down and protect all systems, applications, and medical devices that have access to that sensitive information. In short, healthcare organizations are the proverbial sitting duck. 

The tragedy of this story is that an innocent woman lost her life, and the hospital impacted was not even the intended recipient of the cyber attack. The attack, as evidenced by the ransom note that accompanied the attack, was intended for an affiliated university, and not the hospital itself. Following the incident, the prosecutors in Cologne, Germany have opened a negligent homicide investigation into the incident, against unknown defendants. 

What does this mean for cybersecurity and its professionals?

1. The Threat Landscape is in both the Digital and the Physical

For many, the thought of cybersecurity rests completely in the digital realm. But, that is not an accurate picture of today’s world. If you want to watch TV, read a book, order take-out, connect to work, make a doctor’s appointment, you name it, it all has a digital component. Even if you are not interacting with the digital world, the activity will at some point become digital, be it record keeping or order history. 

This is further exacerbated by the move to place all of our critical infrastructure into digital platforms. Both state and federal governments are increasingly using cloud computing solutions. As more and more government functions move to digital environments, protecting and securing those services becomes more challenging. 

2. Cyber professionals are becoming front-line, first responders.

For many, cyber threats are seen as monetary: someone steals your identity to then steal your bank or other financial information. However, as more and more of our society goes digital, our critical infrastructure and services, such as healthcare and telecommunications, are increasingly susceptible to cyber attacks. This means that cyber is quickly becoming a literal life and death situation. This results in cyber professionals being involved in similar situations as emergency responders. These high-pressure, life and death scenarios, place real mental and physical strain on these individuals who are trying to protect our systems and networks, so that we can continue on with life and receive the care we need. 

Society needs to recognize the strain placed on these professionals, and build in expectations, and work structures, that allow for the intensity of the job. 

3. It is more important than ever that cybersecurity be a key part of all business strategies. 

The digital world is not going away, and businesses are now, more so than ever before, reliant completely on the Internet and technology to provide their services. That means that cybersecurity, and its corresponding threats and vulnerabilities, need  to be addressed. The wait-and-see approach is no longer viable. 

Where do we go from here?

Cybersecurity is a critical part of all businesses, both private and public. The fact that a cyber attack has directly led to someone’s death emphasizes  the point that all of us need to work together to create a globally secure online environment. 

To start, businesses need to assess their infrastructure, understand their data, and identify their vulnerabilities. Next, take some action to start mitigating your risks: review your contracts and agreements with vendors, create standard technological controls to address cyber challenges. And, document it all. It stands to reason that as cyber attacks create more risk and impact lives, the corresponding legal liabilities will also increase and evolve. 

Businesses need to be prepared to address the evolving threats of cybersecurity. This is no more important than now, when we are all living within digital worlds during a pandemic. Contact our team to learn more, and to start to work towards securing your infrastructure and reducing risk and liability today!  

* * * * * *

Nothing contained in this blog should be construed as creating an attorney-client relationship or providing legal advice of any kind.  If you have a legal issue regarding cybersecurity, domestic or international data privacy, or electronic discovery, you should consult a licensed attorney in your jurisdiction.